The DR plan is a sum of more Orchestration plans. This article is going to explain how to create them.
Just a small and important note before continuing: it’s mandatory to have already completed the steps described in the last article.
Let’s start!
From the main menu of the VAO server select the Manage button.
Now click on New as shown in picture 1.
Picture 1
The easy wizard is going to ask to choose a scope.
In our example, we use Linux-CDP as shown in picture 2.
Picture 2
Now fill up the plan info with the Plan Name, the description, the contact name of the plan (picture 3),
Picture 3
Select the type of Plans. In this article choose the CDP replica (picture 4)
Picture 4
In the next step please check if the correct “VM Group” appears.
If it doesn’t, it’s necessary to go back to the setup phase (please read the previous article) and fix the issue.
In our example, it appears correctly (Ubuntu-CDP) as shown in the next two pictures (5 and 6).
Picture 5
Picture 6
The next step shows the VM Recovery options (picture 7).
It gives the operator control of the plan. For example, stopping the plan if something goes wrong.
Picture 7
In “New VM Template” menu the VAO user can add additional steps to the orchestration process; for example, starting the CDP replica job first and shut down the source VMafter (Picture 8)
Picture 8
Tips I: I created a customized script to change the IP Address of the VM.
Tips II: it’s possible to set up the accesscredential directly from this page by clicking the button on the bottom of the page. It is available for Windows VM only.
The next step defines the RTO & RPO.
The most important thing to remember here is that the RPO has to be equal or major than the RPO set in the CDP replica job (picture 9).
Picture 9
The last steps define when the plan report shall be automatically generated (picture 10) and if the readiness check has to run at the end of every single wizard (recommended option) (picture 11).
Picture 10
Picture 11
The result is shown in picture 12
Picture 12
The next article is going to be a video to see VDrO in action.
A virtual LAN (vLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2) (wikipedia)
vLANs works by applying tags to network frames and handling these tags in networking systems.
——
I love how USG has faced up the vLAN challenge.
Their starting point is working with vLAN as if it were a layer 3 object and not layer 2 of the OSI model.
The idea behind USG is thinking vLAN is a new LAN with a different IP Address”. Are you a little bit confused? Yes? I also was at the beginning but now I’m enthusiastic of this new approach.
Let’s explain better with an example directly from my Lab Network.
In my Environment I needed to create 2 vLAN. The first one to address the iSCSI protocol and the second to manage the Backup traffic.
I chose #40 to point up iSCSI vLAN and #50 the Backup.
I went directly to USG user interface and created the vLANs from Network menu as shown in figure 1, 2 and 3
Figure 1
Figure 2
Figure 3
The next step is enabling routing between the new networks and the original LAN.
The task is performing selecting Switch ports from Profiles Menu.
As shown on figure 4 I set up an easy rule to let the networks talk to “each other”. In this case LAN to iSCSI as Figure 4
Figure 4
Now the last step. Enabling traffic from and to the Networks. In a simple word I worked at Firewall level.
I spent some hours to understand the options the USG can offer to their customers because it’s possible to set up many rules to manage traffic among LAN (LAN-IN and OUT), WAN (WAN-IN and OUT), GUEST (IN and OUT) and LOCAL (WAN/LAN/GUEST)
Really many many options but with a little patience, you can tune your networks answering to any security design.
In this example, I just created rules to manage the traffic LAN IN (FIGURE 5 and 6)
FIGURE 5
FIGURE 6
Before ending this article two more notes:
If you want to grant the Servers connected to LAN to surf on Internet, you just need to set up a LAN-IN and a LAN-OUT rule.
To work with vLAN you need to buy an Ethernet Switch vLAN compliant